Ethics Code for Professionals in the realm of Cybersecurity

Preamble

Essentially, all codes of ethics and professional conduct guidelines provide valuable direction for members of an organization, workforce, or association who don’t know what is expected of them and want to follow an ethical guideline or standard to comply with their obligations.

This Ethics Code contains 15 articles based on principles in decision-making, human behavior, and the element of “always doing the right thing”. It is made for all professionals in the realm of Cybersecurity. This code can also be helpful for students and practitioners in the field to follow as a guideline for decision-making and for striving to achieve their goals in an ethical manner. Every article is based on theory expressed in the textbook A Gift of Fire (5th ed.) by Sara Baase, with regard to ethical behavior for computer technology. These articles could serve as obligations if they pertain to an organization, or if used as a standard ethics code.

Under each article, the section of the A Gift of Fire (5th ed.) textbook that it relates to is identified and used as the reference for this ethics code. All practitioners and professionals are free to locate the source for insight into the position and content of each article.

As a disclosure, some of the articles or their context may deviate from other ethical principles or other ethics codes depending on the situation and interpretation, since these are directed toward a general behavioral guideline for complying with due diligence and ethical responsibilities.

Finally, this code provides an educational function to the public, students, practitioners and professionals about ethical decision-making in the realm of Cybersecurity.

 

Articles

Article 1 – Honesty

Section 9.1 of A Gift of Fire (5th ed.) by Sara Baase

“Honesty is one of the most fundamental ethical values.” – Sara Baase, A Gift of Fire.

Honesty is the most critical principle every organization should follow, and it should not be disregarded. It is important to convey the need for open communication within the environment, especially where there are risks, vulnerabilities and threats at stake. Decisions have consequences that could lead to minor or major problems, or no problem at all. However, seemingly insignificant decisions might develop very significant consequences.

It is considered ethical to always go for the truth and tell no lies, because the truth will always come out one way or another. In a rapidly changing field such as cybersecurity, it is dangerous to leave matters unattended or unfixed.

Usually, lies are considered attempts to manipulate people, and they sabotage the flow of information. Also, nobody should invent stories if they’re not true, for the same reasons.

Article 2 – Follow the C-I-A triad

Section 2.6.1 of A Gift of Fire (5th ed.) by Sara Baase

The main key to keeping a secure environment is to follow the C-I-A triad. Confidentiality states that data is kept private among authorized agents. Integrity states that such data is left unchanged. Availability states that such data is left private and unreachable for unauthorized agents.

It is vital to follow this basic principle of information security as a standard in our tasks as professionals. It leads to privacy, and privacy for cybersecurity means avoiding intrusion into our systems. Tampering with systems, or unintentional mistakes, could lead to a breach in privacy and security and have repercussions that could result in damages, interruption or shutdown of systems, loss of data, and possibly unprecedented costs. It is important to understand how your systems and data work to properly secure them following the three main anchors: confidentiality, integrity and availability.

Article 3 – Stick to what you know

Section 9.2.2 and A.1 (Appendix A) of A Gift of Fire (5th ed.) by Sara Baase

Always base your choices and actions on what you know and not on speculation. Professionals in the field of Cybersecurity are expected to possess knowledge in the area of their interests, and are expected to provide their input on the task without giving false information or unconfirmed speculation. Providing false information is unethical and could lead to repercussions for you and the organization you represent, endangering its image and possibly going against your agreements.

Article 4 – Honor Property of Others

Sections 4.1.1 and 4.3 of A Gift of Fire (5th ed.) by Sara Baase

Property of others should always be respected, whether it is the Company’s property, Intellectual property, or the property of your colleagues.

Plagiarism is a form of stealing intellectual property. Using information that is not yours without giving credit to the author is considered a violation of the Copyright Act. Also, falsifying work is a form of theft of the payment for the work provided. It basically wastes resources that others could have used.

Article 5 – Obey the Law

Sections 5.6 and 9.1 of A Gift of Fire (5th ed.) by Sara Baase

This principle should not need to be stated and might be obvious for an ethics code, but it is important to mention it. To carry out tasks compliantly, responsibilities should be met in line with regulations, policies, standards and guidelines. It is important to be aware of the range of what is legal and what is not, because you might be found guilty in a situation you were not aware of.

Article 6 – Endorse Teamwork

Section 3.1.1 of A Gift of Fire (5th ed.) by Sara Baase

It is ideal to promote teamwork in every environment; even the corny phrase “there is no I in team” correlates to every success story. We are designed to work in groups to complete most of our tasks, not just in the realm of cybersecurity.

Freedom of speech is a big part of this principle, protected by the First Amendment of the Constitution. Every professional is expected to have the will to listen to colleagues and superiors and respect their input and perspective in every matter. No one should feel uncomfortable voicing their ideas, since, especially in security, any idea could prompt a betterment of procedures, strategies and risk management.

Article 7 – Responsibility of Providing Expertise

Section 9.2.3 of A Gift of Fire (5th ed.) by Sara Baase

Clients, customers, colleagues and superiors will expect you to comply with your responsibilities in line with your background (education, past experiences) and will expect it to be exactly what you agreed upon at the start of your assignment.

As professionals, we are obliged to provide expertise to build the client’s expectation and trust. It is also expected to warn colleagues and superiors of potential risks you might identify with your expertise, and suggest strategies and recommendations. Also, suggesting any action that would help your organization is expected as part of your due diligence, such as: budget cuts, optimizing procedures, etc.

Article 8 – Safety, Reliability and Security

Sections 8.3 and 9.3.7 of A Gift of Fire (5th ed.) by Sara Baase

In the field of Cybersecurity, it is (almost) an unspoken rule to always test software and hardware for safety, reliability and security, to avoid malfunctions, bugs, errors, and open doors. Doors that are left open for malicious users to find need to be identified and closed. These could cause breaches in security, thus affecting the safety and reliability of the systems. It is really easy for a system in this situation to be attacked and infected by a virus or worm, among others.

Article 9 – Always Maintain Awareness

Section 7.5 of A Gift of Fire (5th ed.) by Sara Baase

It is vital to always maintain awareness of potential risks in privacy. In cybersecurity, the main goal is to secure and protect confidential data, and maintain its integrity, keeping it unavailable to others. Computer science and engineering are changing at all times. What you learn today is already old, and there is possibly more than one malicious user who knows what you learned, so it is important to stay aware in order to update your strategy against these users and keep data secured.

Article 10 – Have Courage

Sections 9.2.1 and 9.3.9 of A Gift of Fire (5th ed.) by Sara Baase

You are expected to build courage with regard to notifying your clients, colleagues and superiors of all news, good and bad, for the same reasons expressed in the previous article. All news is vital to building a secure infrastructure and preventing breaches in security. You should have the courage to stand up and tell the truth, especially with safety concerns.

Your safety concerns are better spoken aloud than left inside your head. Even if there are unethical rules, colleagues or superiors, you are expected to stand up and report the situation as soon as possible, since the enemy of risks, threats and vulnerabilities is time.

Article 11 – Taking Care of your Environment

Section 6.5.3 of A Gift of Fire (5th ed.) by Sara Baase

Recognize and take special care of systems that become integrated into the infrastructure. It is important to establish or have established monitoring controls for your information systems. Management should also track employee access controls and system use to avoid possible vulnerabilities and demonstrate efficient risk management protocols.

This section does not exclude personnel. Taking care of how your colleagues and superiors feel also affects the environment; building relationships and trust is key to better performance.

Article 12 – “Don’t do unto others what you don’t want done unto you.” – Confucius

Sections 1.4 and 9.1 of A Gift of Fire (5th ed.) by Sara Baase

You are expected to avoid causing harm to others. With this famous quote from Confucius, we can follow the lines of ethical behavior towards our colleagues and our environment. It serves as a representation of good deeds and definitely helps achieve a better performance of our roles and responsibilities. This way, no one would be afraid of expressing themselves and expressing any idea that would either help against a possible risk, or help in the betterment of the organization’s policies and procedures.

Article 13 – Respect and follow your assigned responsibilities

Section A.1 (Appendix A) of A Gift of Fire (5th ed.) by Sara Baase

Contracts and agreements are written and agreed upon for a reason: to comply with your responsibilities. It is vital to stay within the margins of said written disclosures, to never be out of line, and to fulfill your tasks without causing a problem. Always follow guidelines, job descriptions, operational manuals, and even best practices to uphold your good deeds, due diligence and professionalism.

Article 14 – Tolerance

Section 6.4 of A Gift of Fire (5th ed.) by Sara Baase

You are expected to be tolerant toward your clients, colleagues and superiors. You should be inclusive and treat others as you would treat yourself; be empathetic. Even if your tasks are individual, it is always good to receive input from your colleagues and superiors, especially regarding security.

Another important thing to expect is that every environment must be free of all types of harassment. Everyone should feel free of harassment and feel free to immediately report it without fear of retaliation or punishment.

Article 15 – Conflict of Interests

Section 9.3.11 of A Gift of Fire (5th ed.) by Sara Baase

All ethical standards, including this topic, require practitioners to report or inform their organization of their relationship to their assigned tasks. Saying nothing about it and performing a task that could be considered a violation against the company with regard to a conflict of interest could have punishable outcomes for more than one party, including yourself.

On another note, when in an organization, you are expected to offer impartial and unbiased professional advice and services, even if they don’t directly benefit you in a personal manner. No glimpse of favoritism should appear in any of your tasks, and the client should always feel free to choose whatever they find fair for themselves.

References

Note: These external resources were used merely for ideas and formatting purposes. The entire content of this ethics code is based on the A Gift of Fire (5th ed.) textbook by Sara Baase.

  1. Baase, S. A Gift of Fire: Social, legal, and ethical issues for computing technology (5th ed.). Pearson.
  2. 2018 ACM Code of Ethics and Professional Conduct, Draft 1. (2016, November 22). Retrieved from https://ethics.acm.org/2018-code-draft-1/
  3. (ISC)² Code Of Ethics. Retrieved from https://ethics.acm.org/2018-code-draft-1/
  4. Code of Professional Ethics. ISACA. Retrieved from https://www.isaca.org/Certification/Code-of-Professional-Ethics/Pages/default.aspx

 

By: Luis Pla 10/21/2018
